How do I enable SSL for my Servoy connections?

Create a Certificate Signing Request (CSR) using keytool.

1) Create a Certificate Signing Request (CSR) using keytool. Enter the command:

keytool -genkey -alias sslkey -keyalg RSA -keystore servoy.ks -validity 360

NOTE: keytool is a commandline tool that ships with your Java SDK

NOTE: you can make the alias (sslkey) whatever you want

NOTE: you can call the keystore file (servoy.ks) whatever you want

NOTE: you can make the validity (in days) whatever you want

a) Enter a keystore password (whatever you want)

b) Now keytool asks for your first and last name. Enter the Fully Qualified Domain Name of the host that Servoy Server is running on. For example: www.mycompany.com

c) Fill in something relevant for the rest of the fields.

d) Enter the password for this key.

USE THE SAME PASSWORD AS IN STEP a!!! In other words, JUST PRESS RETURN.

Enter the command:

keytool -certreq -alias sslkey -keyalg RSA -file servoy.csr -keystore servoy.ks

e) MAKE A BACKUP COPY OF THESE FILES. IF YOU LOSE THEM OR ACCIDENTALLY DESTROY THEM YOU WILL HAVE PAID FOR NOTHING!!!

2) Go to the company you purchase your SSL certificate from, or use http://www.cacert.org to get a free certificate.  The company you choose will ask for some info, like corporate details, etc.  When finished you will get a .crt file.

3) Import the signed .crt file which you received from Instant SSL into your keystore:

keytool -import -alias sslkey -keystore servoy.ks -trustcacerts -file servoy.crt

Type the correct password and trust the certificate.

NOTE: In order to use keytool to import your certificate, you must have the intermediate or root certificate from the issuer installed on the machine you are using the keytool command on.  GoDaddy has instructions on this at https://certificates.godaddy.com/InstallationInstructions.go 

4) Copy this keystore file (servoy.ks) to a location on the machine which runs Servoy Server. In the admin pages select Network Settings, and fill in the correct location for the SSLKeystorePath and the correct password for the SSLKeystorePassword.

Restart the server.

NOTE:

YOUR KEYSTORE CONTAINS VERY SENSITIVE INFORMATION!! IF THIS INFORMATION IS COMPROMISED PEOPLE CAN DO ALL KINDS OF NASTY STUFF SUCH AS LISTEN IN ON AND MODIFY YOUR SUPPOSEDLY ENCRYPTED INFORMATION. IF YOU EVEN FIND OUT THAT THIS HAS HAPPENED (WHICH IS A BEST CASE SCENARIO) YOU WILL HAVE TO REVOKE THE CERTIFICATE AND PURCHASE A NEW ONE.

IF YOU LOSE OR ACCIDENTALLY DESTROY YOUR KEYSTORE, YOU WILL ALSO HAVE TO PURCHASE A NEW CERTIFICATE. MAKE PROPER BACKUPS AT ALL TIMES AND MAKE SURE ONLY AUTHORIZED PERSONNEL HAS ACCESS TO THESE BACKUPS!!